writeups.xyz / Technical Advisory – Nullsoft Scriptable Installer System (NSIS) – Insecure Temporary Directory Usage

Submitter : c2a

Date: 3 July 2023

Bounty : undisclosed

Vulnerabilities :

• Local Privilege Escalation

Programs :

• Nullsoft Scriptable Installer System (NSIS)

Authors :

• Richard Warren (@Buffaloverflow)

Link :
https://research.nccgroup.com/2023/07/03/technical-advisory-nullsoft-scriptable-installer-system-nsis-insecure-temporary-directory-usage/